I then reminded everyone that “openness and candor are critical to our future success and I do not want anyone dealing other than with total honesty with our congressional monitors. Further, anyone suspecting that any activities at NSA constitute a violation of law, regulation, or ethics must notify proper authorities. However, when policy, resource, or operational decisions are properly arrived at and promulgated by agency authorities I expect each of us to carry out their part of the program.”
The note was unclassified, so the Hill was certainly aware. Surprisingly, the phone didn’t ring. They had their responsibilities. I had mine.
Most never saw the whole Thin Thread dispute as anything other than a technical argument; I never encountered any other senior who seemed to think or act otherwise. But the small group of passionate Thin Thread supporters have elevated this into a sort of digital age morality play.
First of all, they claimed a kind of operational equivalency and then compared their program’s relatively modest price tag with Trailblazer’s substantial costs. Even if it had been able to scale, Thin Thread was addressing a fraction of the issues that Trailblazer was designed to take on. The comparison is specious.
Since then, they have also argued fraud, waste, and abuse, pointing not only to Trailblazer’s troubled procurement history, but to the fact that SAIC, where Bill Black had worked while away from the agency, was the prime contractor on Trailblazer’s technology demonstration platform. SAIC is indeed where Bill worked—and where he left when I asked him to come back to serve—but that had nothing to do with the contracting process.
Finally, Binney, Roark, Wiebe, Drake, and Loomis have claimed an ethical and legal superiority. Binney has flatly accused NSA of lying. In 2012 he charged that “George Bush, Dick Cheney, Tenet, and Hayden combined to subvert the Constitution, the constitutional process, and any number of laws.”
Such comments gained steam and a larger audience after NSA’s retention of American metadata was made public by Edward Snowden. Thin Thread would have made all of that unnecessary, they argued.
I don’t see how, even setting aside the operational issues. They argued that Thin Thread would have collected the data but would have immediately encrypted it and would have made it accessible only through strict protocols. But the issue with NSA’s retention of massive amounts of American metadata was not that NSA had misused it, but rather that NSA had it, a condition that would not be ameliorated by encrypting it.
Sometime before 9/11, the Thin Thread advocates approached NSA’s lawyers. The lawyers told them that no system could legally do with US data what Thin Thread was designed to do. Thin Thread was based on the broad collection of metadata that would of necessity include foreign-to-foreign, foreign-to-US, and US-to-foreign communications. In other words, a lot of US person data swept up in routine NSA collection.
But NSA’s protocols required that US person information be filtered out at every step of the intelligence process. Avoid collecting it if possible; if collected, avoid retaining it, and so on. Thin Thread required collecting, retaining, and then using US information for its success.
Binney and company insisted that encrypting and controlling access to the US data solved this problem; they told us that Roark, NSA’s overseer, agreed. NSA’s lawyers didn’t, and when they briefed the House Intelligence Committee’s staff, the lawyers from both sides of the aisle sided with the agency.
It wasn’t that we weren’t trying. As we approached the millennium with 1999 rolling over to 2000, we were all deeply concerned about a potential terrorist attack in the homeland. Our fears were justified; an alert border agent later detained a terrorist trying to enter the country on a ferry in Puget Sound.
At NSA, we were pulling out all the stops. The operations folks were proposing a new course of action. Like all of us, they were concerned about terrorists entering or already inside the homeland. The head of operations wanted to try the Thin Thread approach, retain US metadata that we were collecting in our foreign intelligence activities, encrypt it, limit access to it through a kind of “two key” protocol, and then (when indicated) chain through the metadata to other contacts.
It was operationally sound, but my lawyers remained very suspicious of its legality. They demanded a meeting with me. After a session with both the ops and legal teams present, I decided to force the issue. “Press Justice,” I said. “Tell them we want to do this.”
Let me be clear. This was me arguing for a limited use of the Thin Thread approach prior to 9/11.
The answer from Justice was also clear: “You know you can’t do this.” When that was reported back to the HPSCI staff, Roark accused NSA of just not being forceful enough with Justice, a charge that brought a barely suppressed laugh from a Democratic staffer.
So Thin Thread did not moot the US person issue, as some later claimed when condemning President Bush’s Stellarwind program (chapter 5). The US person issue was mooted only after the president in that program specifically authorized NSA to acquire US metadata after the 9/11 attacks. That would indeed prove a controversial decision (controversial even though NSA continued to acquire US metadata through the summer of 2015), but Thin Thread would have required a similar authorization. Inexplicably (at least to me), the Thin Thread team has continued to hold up its approach as a lawful alternative to the president’s “unlawful” Stellarwind.
Put bluntly, prior to President Bush authorizing Stellarwind, Thin Thread’s intricacies and processes did not meet the requirements of US law. After Stellarwind was launched, Thin Thread’s scalability problems simply caused us to choose a different system.
Thin Thread’s advocates filed an IG (inspector general) complaint against Trailblazer in 2002. After I had left NSA, in late 2005, Siobhan Gorman published a series of articles in the Baltimore Sun bitterly critical of Trailblazer. They were later sourced to Tom Drake, who had apparently already despaired in 2005 that the new DIRNSA, Keith Alexander, would reverse course on Thin Thread. The subsequent FBI investigation of the leak led to heavy-handed raids on the homes of practically everyone in the Thin Thread group. Drake was later indicted under the Espionage Act, a heavy and blunt instrument, and not surprisingly, the case ultimately collapsed of its own weight.
To be clear, I had nothing to do with that. I didn’t even file the crimes report that precipitated the investigation. Drake overstepped and the rest of them were a pain in the ass, but that’s hardly grounds to ruin lives. This was a matter better handled administratively, like revoking clearances, for example.
The Thin Thread folks weren’t done, though. When a team of Americans went to Moscow in 2013 to present Edward Snowden with the Sam Adams Award for Integrity in Intelligence, Tom Drake was in the group.
Then in the summer of 2014, Drake and Binney showed up in front of the German Bundestag’s commission looking into NSA’s activities there. Binney asserted that “they [NSA] want to have information about everything. This is really a totalitarian approach. The goal is control of the people.” Drake, after claiming that NSA wanted to punish Germany for harboring the 9/11 hijackers, added that NSA’s “monitoring regime has grown into a system that is strangling the world.”
Like I said, they were messianic. I wonder what they would have been like if we had bought their widget.
THREE
GOING TO WAR . . . WITH SOME HELP FROM OUR FRIENDS
FORT MEADE, MD, 2001–2003
We all remember that Tuesday morning, crystal clear, not a cloud in the sky along the East Coast. September 11, 2001, the end of the world as we knew it. I had stayed up late watching Monday Night Football. The game was in Denver, the opening of the Broncos’ new stadium, and I was coming into my office on about six hours’ sleep. I started around 7:00 a.m., as I always did, this day running down to the agency barbershop for a quick haircut. On the way back I stopped at my operations center, the NSOC, for an update. Pretty normal. Nothing special on the ho
rizon.
Back in the office, I was working my way through some routine appointments when my executive assistant, Cindy Farkus, came in and said, “A plane hit the World Trade Center.” Like practically everyone else, I thought it must have been an accident, probably a small plane, and I continued with my meeting. Then Cindy came in again and said, “A plane hit the other tower.”
“OK—get the head of security up here,” I responded as I adjourned the meeting. Just as Kemp Ensor, the security chief, was coming through my office door, Cindy came in again and said, “There are reports of explosions on the Mall,” a garbled version of the third plane hitting the Pentagon. Ensor still hadn’t said a word. “Tell everyone, all nonessential personnel, to evacuate,” I ordered.
I then directed that those remaining (probably more than five thousand) move out of the two high-rise headquarters buildings and into the original ops building, a long, low-riding three-story structure that would present a tougher target for an aircraft. That’s where my ops center was, so I moved there as well.
My executive assistant came with me. The rest of the office staff evacuated, but before they did, one of them, Cindy Finifter, who religiously kept my calendar, hammered out an entry in her log:
NOTE: ATTACK ON AMERICA—EARLY DISMISSAL—PM MEETINGS WERE CANCELLED
Attack on America. DCI George Tenet called me before the morning was out, asking what we had. Like everyone else in the intelligence community (IC),* we knew it was al-Qaeda, but I had the benefit of having real evidence and was able to report that we were getting the communications equivalent of celebratory gunfire on al-Qaeda networks. George responded with a resigned “Yeah.”
One group that we could not move out of the high-rise buildings was our counterterrorism team. Fort Meade is more than just the headquarters of NSA; it’s also its biggest field station, and a significant portion of America’s SIGINT is produced there every day—including its counterterrorism intercepts and reports, and this was one team whose work we could not disrupt to move it to a safer location.
It was getting close to dusk when I went up to their offices. Most of the team were Arab American, so the national and professional trauma of the attacks was even more personal for them.
They were hard at work. I didn’t interrupt them. I just walked from station to station, not even pausing for them to take their headsets off, gripping a shoulder, nodding my head, an occasional “hang in there” or words to that effect.
While I was there the maintenance staff was tacking up blackout curtains over the windows. It felt surreal. Blackout curtains in eastern Maryland in the twenty-first century.
When I finally got home that night, my wife was waiting for me and gave me a warm hug. We joined the national mourning as we both broke into tears. I had not spoken to her since a quick call that morning asking her to locate our adult kids. She had taken calls from her mother and from my brother and had assured them that I was not at the Pentagon when the plane hit.
There, in our hallway, Jeanine and I acknowledged that tomorrow was going to be a very different day.
It was, and so were all the days after it during my time at NSA. For one thing, with more people and more money and a relentless focus, we could mass our resources on decisive points. On 9/11 we had about 250 mission areas we were required to cover. Within weeks of the attacks and without objection I had suspended over 10 percent of them and degraded another quarter. Increased resources and focus also allowed us to accelerate the transformation already under way. The week of the attack, I asked our gathered seniors what effect 9/11 should have on our transformation program. Their bottom line was, “Change nothing. Accelerate everything.”
There was anger as well as resolve in our response. Before the week of 9/11 was out, I could see bumper stickers all over CIA with the last known words of Todd Beamer, one of the heroes of Flight 93 over Pennsylvania: “Let’s roll.” Jeanine suggested a similar theme for NSA after we unwound late one night looking at a replay of a national concert commemorating 9/11 losses. It was Tom Petty’s “I Won’t Back Down.” With Mr. Petty’s generous permission, we plastered NSA facilities around the world with the thought and the music for the next several years.
Operationally, the counterterrorism chiefs at NSA narrowed their work down to three clear tasks: follow the money (terrorist financing); follow the stuff (arms, precursor chemicals, and the like); and, above all, follow the people.
SIGINT was invaluable for this. Time and again the intercept of communications told us what we needed to know. An example: Eliza Manningham-Buller, head of Britain’s MI5, called me in March 2004 after her service and the British police had raided twenty-four locations, made eight arrests, and confiscated half a ton of ammonium nitrate. She thanked me for the NSA SIGINT that was an “absolutely crucial building block for the whole operation.”
I put that out to the entire NSA workforce and got a grateful e-mail in return. It seems that a local Maryland radio station had been waxing eloquent about the British takedown, contrasting it to the bumbling ways of American intelligence. The e-mail writer had been understandably offended and was very heartened to learn of the NSA role. It was a reminder that, in intelligence, you often don’t get to publicly sign your own work.
In pursuit of terrorists, we also mastered geolocation and metadata, a bit different from traditional reporting on the content of targeted terrorist, diplomatic, or even military communications. If you had enough metadata—the pattern of how a communications device was used (whom did it call, who called it, when, for how long)—you could pretty much determine what the owner of a device was up to. Some of this would later be the topic of debate when it came to collecting American metadata, but here it enabled NSA to burrow in on a dirty phone and determine its user and his contacts even with limited knowledge of content. Then, using all the tools available, we could precisely fix where the phone was.
We had struck pay dirt, almost haphazardly, early on in Afghanistan, killing an al-Qaeda leader and several of his lieutenants as they were fleeing Kabul. The strike was enabled by combining imagery and intercepts in real time. After I was briefed on the operation, I asked, “Why can’t we do that all the time?” and put some bright minds on figuring out how to institutionalize the approach.
We set up an effort, the Geocell, staffed it with smart young folks, teamed them up with imagery analysts from the National Geospatial-Intelligence Agency (NGA), and then wired them directly to tactical units in the field.
Old SIGINTers will tell you that this was just a version of what they used to call traffic analysis. If it was, it was on a massive dose of steroids.
We put the Geocell in the basement among the heating ducts, forklifts, supplies, and other detritus of our industrial base. When visitors passed through the cypher-locked door and entered the secure work area, though, they could see huge screens with current imagery and watch Fort Meade analysts in multiple chat rooms throughout the war zone, advising combat forces in real time and living up to their self-described role: “We track ’em, you whack ’em.”
In early November, the US government took a shot from a Predator drone at a Taliban compound north of Kabul based on Geocell input. We were under way.
This kind of activity was first confined to the war zone in Afghanistan, but then, beginning in late 2002, NSA SIGINT was married to real-time imagery and other intelligence to support actions against al-Qaeda elsewhere.
Time magazine was skeptical. In reporting on such strikes, Time opined that “the idea of targeting terrorist quarry from the skies far from the open battlefields of Afghanistan is, of course, a different proposition and it’s unlikely to become the norm.”
Wrong.
Around this time, George Tenet and other intelligence luminaries were at Fort Meade to celebrate the fiftieth anniversary of the founding of NSA by President Truman’s (secret) executive order in 1952. A lot was said about the origins and impo
rtance of the agency. It put a nice exclamation point on our current successes.
The operational success of SIGINT-imagery cooperation shouted out for more and stronger linkages. Jim Clapper was an old friend and mentor, and now headed NGA, the clumsily labeled National Geospatial-Intelligence Agency. NGA merged imagery intelligence (IMINT) with traditional mapping and tried to live its motto, “Know the earth. Show the way.” Our two disciplines, SIGINT and IMINT, lived parallel lives in terms of their technology and their speed. Both of us were collecting and producing electrons.
Over time we linked our databases and our IT systems and were sharing exploitation techniques. In the fall of 2004 Jim and I were onstage together for an hour in New Orleans, briefing our collaboration to thousands in our contractor base. Anyone who doubts the significance of that scene just doesn’t know enough about the traditional culture of the American intelligence community.
Jim and I were united in the knowledge that this was an intelligence-driven war. All wars are, of course, but this one especially. We had spent most of our professional lives in the Cold War. Intelligence then was hard work, but it was difficult for our adversary to hide the tank armies of Group Soviet Forces Germany or the vast Soviet ICBM fields in Siberia. That enemy was pretty easy to find. Just hard to kill.
This was different. This enemy was relatively easy to kill. He was just very, very hard to find.
Seems simple, but it inverted a lot of conventional thinking. That’s why later, when some intelligence programs became controversial, I argued that restricting our intelligence in the current effort was like unilateral disarmament in the former. You were voluntarily surrendering the key elements of success.
It inverted some concepts of operations too. Intelligence professionals are accustomed to operators demanding information so they can go do something important. I was having dinner at the house of Charlie Holland, the commander of Special Operations Command (SOCOM), early in the war. Charlie was a good friend. We had been together in something called CAPSTONE, DOD’s finishing school for new brigadiers, and while on that program’s class trip had jogged together through the capitals of several Latin American countries. Over dessert Charlie turned to me, tapped the table, and said, “Mike, I need actionable intelligence.”
Playing to the Edge: American Intelligence in the Age of Terror Page 4